post https://api.edfapay.com/payment/post
The Credit Void API allows merchants to void (reverse) a transaction that has been authorized but not yet captured.
This operation releases the held amount from the customer’s bank before settlement.
The VOID API now applies only to transactions where:
- auth = Y (authorized), and
- no capture has been performed yet.
Once a transaction is captured (even partially), you must use the Refund API instead.
Endpoint
POST https://api.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For a void request, this must be VOID. |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| hash | string | Yes | Security hash generated to authorize the request. |
Important Note
You can get the trans_id from the Dashboard, on the transaction page, where it appears under the name Payment ID. You can also find the trans_id in the successful response.
Example Request
curl --location 'https://api.edfapay.com/payment/post' \
--form 'action="VOID"' \
--form 'client_key="XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"' \
--form 'trans_id="XXXXXXXXXXXXXXXX"' \
--form 'hash="XXXXXXXXXXXXXXXXXXXXXXXXX"'Hash Calculation
To secure the API call from unauthorized access, the hash parameter must be computed using the following formula:
Formula:
Hash = MD5( UPPERCASE( Reverse(Email) + Merchant_Password + Transaction_ID + Reverse(First6(Card_Number) + Last4(Card_Number)) ) )
JavaScript Example using CryptoJS
var trans_id = "XXXXXXXXXXXXXXXXXXX"; // Example transaction ID (Payment ID)
var PASSWORD = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; // 🔒 Your merchant secret key
var card_number = "512345******0008"; // Masked card number for security
var email = "customer@example.com"; // Example email address (placeholder)
// Helper function to reverse strings
const ReverseString = str => [...str].reverse().join('');
// Reverse email and masked card digits (first 6 + last 4)
let reversedEmail = ReverseString(email);
let cardDigits = card_number.replace(/\*/g, ''); // Strip the mask characters once
let reversedCard = ReverseString(cardDigits.slice(0, 6) + cardDigits.slice(-4));
// Combine reversed values + password + trans_id
let result = (reversedEmail + PASSWORD + trans_id + reversedCard).toUpperCase();
// Generate the final MD5 hash
let finalResult = CryptoJS.MD5(result).toString();
// Set the generated hash as an environment variable in Postman (optional)
postman.setEnvironmentVariable('hash', finalResult);
Notes
- email: The customer’s email address. It is reversed before being used in the hash generation.
- card_number: Only the first 6 and last 4 digits of the card are used. These digits are reversed before being concatenated.
- trans_id: The transaction ID (payment ID) of the related SALE or CAPTURE transaction.
- merchant_pass: Your merchant secret key — keep it confidential and never expose it publicly.
- The final concatenated string follows this order: Reverse(email) + merchant_pass + trans_id + Reverse(card_first6 + card_last4)
- The entire string is then converted to uppercase before applying MD5.
- The final hash is the MD5 output in lowercase hexadecimal format.
Sample Response
{
"action": "VOID",
"result": "SUCCESS",
"status": "VOID",
"order_id": "Test_order",
"trans_id": "XXXXXXXXXXXXXXXXX",
"trans_date": "01-01-2025 00:00:00",
"rrn": "XXXXXXXXXXXXXX",
"card_brand": "MASTER",
"merchant_name": "Edfapay"
}
{
"message": "Transection XXXXXXXXXXXXXXXXX has already been voided earlier.",
"status": "FAILED"
}
Notes
- You cannot void an already voided or refunded transaction.
- The response status VOID confirms successful reversal of the transaction.
Sample Response After Capture
{
"action": "VOID",
"result": "Declined",
"status": "VOID",
"order_id": "Test_order1",
"trans_id": "XXXXXXXXXXXXXXXXX",
"trans_date": "01-01-2025 00:05:00",
"rrn": "XXXXXXXXXXXXXX",
"card_brand": "MASTER",
"merchant_name": "Edfapay"
}
Notes
- You cannot void a transaction after capture.
- The same response is returned if the request is sent again.
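The three response shapes shown above can be handled in one place. This is an added example, not EdfaPay's own code; the function name and the outcome labels are hypothetical, and the inputs are constructed copies of this page's samples. It requires result SUCCESS together with status VOID, because the declined sample also reports status VOID.

```javascript
// Added example (not EdfaPay code): interpret a Void API response body.
// Field names and values are taken from the sample responses on this page;
// classifyVoidResponse and its outcome labels are hypothetical.
function classifyVoidResponse(body) {
  let r;
  try {
    r = typeof body === 'string' ? JSON.parse(body) : body;
  } catch (e) {
    return { outcome: 'UNKNOWN', reason: 'response is not valid JSON' };
  }
  if (r === null || typeof r !== 'object') {
    return { outcome: 'UNKNOWN', reason: 'response is not a JSON object' };
  }
  const result = String(r.result || '').toUpperCase();
  const status = String(r.status || '').toUpperCase();

  // Success needs the echoed action, result SUCCESS and status VOID together.
  // The declined sample also carries status VOID, so status alone proves nothing.
  if (r.action === 'VOID' && result === 'SUCCESS' && status === 'VOID') {
    return { outcome: 'VOIDED', transId: r.trans_id };
  }
  if (result === 'DECLINED') {
    return { outcome: 'DECLINED', transId: r.trans_id, reason: 'void was declined' };
  }
  // Error shape on this page: only "message" and "status", no "result" field.
  if (status === 'FAILED') {
    return { outcome: 'FAILED', reason: r.message || 'no message supplied' };
  }
  // Anything unrecognised is treated as not voided (fail closed).
  return { outcome: 'UNKNOWN', reason: 'unrecognised response shape' };
}

// Constructed inputs that copy the three sample responses on this page.
const samples = {
  success: '{"action":"VOID","result":"SUCCESS","status":"VOID","trans_id":"XXXXXXXXXXXXXXXXX"}',
  afterCapture: '{"action":"VOID","result":"Declined","status":"VOID","trans_id":"XXXXXXXXXXXXXXXXX"}',
  alreadyVoided: '{"message":"Transection XXXXXXXXXXXXXXXXX has already been voided earlier.","status":"FAILED"}',
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, '->', classifyVoidResponse(body).outcome);
}
```

Only the VOIDED outcome should release the order in the merchant's own records; every other outcome leaves the authorization as it was.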